<?php
/**
 * @copyright Copyright 2012 CrApache-GUI
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * @license    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * This is the main login module for CrApache-GUI. Developed from the scratch
 * by me and all hackers wellcome for hacking...!!
 * Username and password is passed from a seperate form and saved password
 * and username retrived from a SQLite database. *
 */

/**
 * This will establishe the connection to SQLite database.
 */

/* @var $database SQLite3 */

function connect_db(){

    $filename = "crapache.sqlite"; //Name of the SQLite database
    try {
        global $database;

        $database = new SQLite3("$filename");
    } catch (SQLiteException $ex){
        echo $ex->getMessage();
        exit();
    }
}

/**
 * This function will retrive the saved password form SQLite database.
 * @param string $username original username.
 * @return string hashed password.
 */

function retrive_pass($username){

    global $database;

    try {
        $stmnt = $database->prepare("SELECT password FROM users WHERE username = :username");
        $stmnt->bindValue(":username", $username);
        $result = $stmnt->execute();
        $row = $result->fetchArray();
    } catch (SQLiteException $ex){
        echo $ex->getMessage();
        exit();
    }

    return $row["password"];
}

/**
 * This function checks whether user name exists in the database.
 * @param string $username original username
 */

function validate_username($username){

    global $database;

    try {
        $stmnt = $database->prepare("SELECT username FROM users WHERE username = :username");
        $stmnt->bindValue(":username", $username);
        $result = $stmnt->execute();
    } catch (SQLiteException $ex){
        echo $ex->getMessage();
        exit();
    }

    if(!$result->fetchArray())
        throw new Exception("Invalid username!");
 }

/**
 * Checks whether original password and hashed password macthing.
 * @param string $password original password
 * @param string $username original username
 */

function validate_password($password, $username){

    try {
        validate_username($username);
    } catch (Exception $ex){
        echo $ex->getMessage();
        exit();
    }

    $enc_pass = retrive_pass($username);
    $orig_pass = hash("sha256", $password);

    if(!strcmp($enc_pass, $orig_pass) == 0)
            throw new Exception("Password missmatch!");
}

/**
 * This function will check the given username and password are exisits. If
 * exisits check whether they are correct.
 * @return boolean in succsess return true.
 */

function validate(){

    connect_db();

    $username = $_POST['username'];
    $password = $_POST['password'];

    try{
        validate_password($password, $username);
    } catch (Exception $ex){
       echo $ex->getMessage();
       throw new Exception("Invalid username or password!");
       exit();
    }
    return TRUE;
}

?>